PT-2023-23691 · Tellus+1 · Tellus+1

Michael Heinzl

Published

2023-06-19

Updated

2024-12-23

CVE-2023-32270

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TELLUS version 4.0.15.0 TELLUS Lite version 4.0.15.0

Description The issue is related to accessing a memory location after the end of a buffer, which can occur when opening a specially crafted V8 file. This may lead to information disclosure and/or arbitrary code execution.

Recommendations For TELLUS version 4.0.15.0, avoid opening specially crafted V8 files until a patch is available. For TELLUS Lite version 4.0.15.0, avoid opening specially crafted V8 files until a patch is available. As a temporary workaround, consider restricting access to V8 files to minimize the risk of exploitation.

Fix

Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-125

Related Identifiers

CVE-2023-32270

Affected Products

Tellus

Tellus Lite

PT-2023-23691 · Tellus+1 · Tellus+1

CVE-2023-32270

Weakness Enumeration

Related Identifiers

Affected Products

References · 6